Investigate weaknesses with Microsoft Defender for Endpoint's threat and vulnerability management

Microsoft's threat and vulnerability management is a built-in module in Microsoft Defender for Endpoint that can:

  • Discover vulnerabilities and misconfigurations in near real time
  • Prioritize vulnerabilities based on the threat landscape and detections in your organization

If you've enabled the integration with Microsoft Defender for Endpoint, you'll automatically get the threat and vulnerability management findings without the need for additional agents.

As it's a built-in module for Microsoft Defender for Endpoint, threat and vulnerability management doesn't require periodic scans.

For a quick overview of threat and vulnerability management, watch this video:


As well as alerting you to vulnerabilities, threat and vulnerability management provides additional functionality for Defender for Cloud's asset inventory tool. Learn more in Software inventory.


Aspect Details
Release state: General availability (GA)
Machine types: Azure virtual machines
Azure Arc-enabled machines
Supported machines
Pricing: Requires Microsoft Defender for Servers Plan 1 or Plan 2
Prerequisites: Enable the integration with Microsoft Defender for Endpoint
Required roles and permissions: Owner (resource group level) can deploy the scanner
Security Reader can view findings
Clouds: Commercial clouds
National (Azure Government, Azure China 21Vianet)

Onboarding your machines to threat and vulnerability management

The integration between Microsoft Defender for Endpoint and Microsoft Defender for Cloud takes place in the background, so it doesn't involve any changes at the endpoint level.

  • To manually onboard one or more machines to threat and vulnerability management, use the security recommendation "Machines should have a vulnerability assessment solution":

    Selecting a vulnerability assessment solution from the recommendation.

  • To automatically find and view the vulnerabilities on existing and new machines without the need to manually remediate the preceding recommendation, see Automatically configure vulnerability assessment for your machines.

  • To onboard via the REST API, run PUT/DELETE using this URL:

The findings for all vulnerability assessment tools are in the Defender for Cloud recommendation Vulnerabilities in your virtual machines should be remediated. Learn about how to view and remediate findings from vulnerability assessment solutions on your VMs

Next steps

Defender for Cloud also offers vulnerability analysis for your: